Security authorization component should log denied access for simple right inquiry at debug level

In the new security API, there is a clear separation between access check made at security checkpoints, and access verification made for interface customization. During a simple verification, denied right are expected events that should be logged at debug level.
Current implementation logs all denied access at info level.